0
Dependency management withComposerJason Grimes / @jason_grimes / jason@grimesit.comTriangle PHP - June 2013
Composer is adependency managerforPHP.Like npm in Node,or bundler in Ruby.
What are dependencies?Third-party librariesor other assets your project depends onwhich are stored in a separate repositor...
• Define dependencies in a version controlledconfig file.• Download & install them all with onecommand.• Have identical versi...
ComposerPEAR• Per-project• Open inclusion• Central repository• System-wide• Strict control• Dispersed channelsvsComposer i...
Installing Composer:$ curl -sS https://getcomposer.org/installer | php$ sudo mv composer.phar /usr/local/bin/composer
Keeping Composerup to date periodically:$ sudo composer self-updateUpdating to versiond498e73363f8dae5b9984bf84ff2a2ca2724...
Two main use cases:• Managing dependencies in a project• Distributing a library
Managing dependenciesin a project
Getting a dependency:{"require": {"silex/silex": "~1.0"}}$ cd ~/myproject$ vim composer.json$ composer install
$ composer installLoading composer repositories with package informationInstalling dependencies (including require-dev)- I...
Packages are installedin the vendor/ subdirectory$ ls vendorautoload.phpcomposer/pimple/psr/silex/symfony/
Specifying versions"~1.2"">=1.2,<2.0""1.2.*""1.2.3"Recommended. “Up to next significant release.” (semver)
Only stable packages are installed by default.Get a non-stable version like this:{"require": {"silex/silex": "~1.0@dev"},}...
Ensuring identical versionsin all project environments
• composer.json - the config file.Specifies versions as flexible patterns.• composer.lock - the lock file.Automatically written...
• composer install - Install dependencies,using the versions listed in composer.lock.• composer update - Determine the lat...
You can specify which packages to update,leaving the others untouched:$ composer update monolog/monologThis can be useful ...
composer update might break things.Only run it in dev environments.Commit composer.lock to versioncontrol when you’re read...
composer install ensures you havethe exact same versions as everyone elseusing that composer.lock file.Run composer install...
Autoloading
Composer sets up autoloading of yourdependencies (for free).Just include vendor/autoload.php:<?phprequire ‘vendor/autoload...
You can also use composer to configureautoloading for your own code.{"require": {...},"autoload": {"psr-0": {"MyApp": "src/...
Various autoloading conventions are supported."autoload": {"psr-0": {"MyAppTest": "src/test","MyApp_": "src","": "src/"},"...
You can generate the autoload fileswithout running an install or update:$ composer dump-autoloadIn production, you can gene...
Finding packages
https://packagist.org
$ composer search oauth2 serveradoy/oauth2 Light PHP wrapper for the OAuth 2.0 protocol (based onOAuth 2.0 Authorization P...
$ composer show league/oauth2-servername : league/oauth2-serverdescrip. : A lightweight and powerful OAuth 2.0 authorizati...
Bootstrapping a project
$ composer create-project fabpot/silex-skeleton ~/myprojectcreate-project clones a project skeletonand installs its depend...
$ composer create-project fabpot/silex-skeleton ~/myprojectInstalling fabpot/silex-skeleton (v1.0.0)- Installing fabpot/si...
$ ls ~/myprojectcache/composer.jsoncomposer.lockconfig/consolelogs/src/templates/vendor/web/
Adding another dependencyfrom the command line$ composer require doctrine/dbal:~2.3composer.json has been updatedLoading c...
Distributing a library
Any directory with a composer.json fileis a package.To be installable, a package just needs aname:{"name": "myvendorname/my...
Recommended info for composer.json{"name": "jasongrimes/silex-simpleuser","description": "A simple db-backed user provider...
Specify versions with tags in yourVCS.Tags should match X.Y.Z or vX.Y.Zwith optional RC, beta, alpha or patch suffix.1.0.0v...
“dev” versions are created automaticallyfor every branch
Branch names that look like versionsbecome {branch}-dev:2.0 => 2.0.x-dev1.2.x => 1.2.x-dev
Other branch names becomedev-{branch}:master => dev-masterbugfix => dev-bugfix
Specifying system requirements{"require": {..."php": ">=5.3","ext-PDO": “~1.0@dev”,"lib-openssl": "openssl"}}Run composer ...
Executing scripts with Composer{"scripts": {"post-update-cmd": "MyVendorMyClass::postUpdate","post-package-install": ["MyV...
Submitting to Packagisthttps://packagist.org
If using github, add a service hookPackagist will update whenever you push, instead of being crawled only once daily.https...
Custom repositories
Maintaining your own forksWhen you fix a bug in a third-party library,use your own fork until your fix gets accepted upstrea...
PEAR packages{"repositories": [{"type": "pear","url": "http://pear2.php.net"}],"require": {"pear-pear2.php.net/PEAR2_Text_...
Non-composer packages{"repositories": [{"type": "package","package": {"name": "smarty/smarty","version": "3.1.7","dist": {...
Private repositories
Use Satis to generate private Composer repositories.$ composer create-project composer/satis --stability=dev$ vim config.j...
Use your private repo like any other:{"repositories": [ {"type": "composer","url": "http://packages.example.org/"} ],"requ...
In conclusion...
• ...install dependencies not stored in your project’sVCS repo.• ...ensure identical versions in all your project’s enviro...
Resources• http://getcomposer.org• https://packagist.org/• #composer on freenodeJason Grimes / @jason_grimes / jason@grime...
Dependency management with Composer
Upcoming SlideShare
Loading in...5
×

Dependency management with Composer

1,784

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,784
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Dependency management with Composer"

  1. 1. Dependency management withComposerJason Grimes / @jason_grimes / jason@grimesit.comTriangle PHP - June 2013
  2. 2. Composer is adependency managerforPHP.Like npm in Node,or bundler in Ruby.
  3. 3. What are dependencies?Third-party librariesor other assets your project depends onwhich are stored in a separate repositoryfrom your project sources.
  4. 4. • Define dependencies in a version controlledconfig file.• Download & install them all with onecommand.• Have identical versions in all projectenvironments.• Automate this part of your build process.A dependency manager lets you:
  5. 5. ComposerPEAR• Per-project• Open inclusion• Central repository• System-wide• Strict control• Dispersed channelsvsComposer is becoming the de-facto standard
  6. 6. Installing Composer:$ curl -sS https://getcomposer.org/installer | php$ sudo mv composer.phar /usr/local/bin/composer
  7. 7. Keeping Composerup to date periodically:$ sudo composer self-updateUpdating to versiond498e73363f8dae5b9984bf84ff2a2ca27240925.Downloading: 100%
  8. 8. Two main use cases:• Managing dependencies in a project• Distributing a library
  9. 9. Managing dependenciesin a project
  10. 10. Getting a dependency:{"require": {"silex/silex": "~1.0"}}$ cd ~/myproject$ vim composer.json$ composer install
  11. 11. $ composer installLoading composer repositories with package informationInstalling dependencies (including require-dev)- Installing psr/log (1.0.0)Loading from cache- Installing symfony/routing (v2.3.0)Loading from cache- Installing symfony/debug (v2.3.1)Downloading: 100%- Installing symfony/http-foundation (v2.3.1)Downloading: 100%- Installing symfony/event-dispatcher (v2.3.0)Loading from cache- Installing symfony/http-kernel (v2.3.0)Loading from cache- Installing pimple/pimple (v1.0.2)Loading from cache- Installing silex/silex (v1.0.0)Loading from cachesymfony/routing suggests installing symfony/config ()...Writing lock fileGenerating autoload files
  12. 12. Packages are installedin the vendor/ subdirectory$ ls vendorautoload.phpcomposer/pimple/psr/silex/symfony/
  13. 13. Specifying versions"~1.2"">=1.2,<2.0""1.2.*""1.2.3"Recommended. “Up to next significant release.” (semver)
  14. 14. Only stable packages are installed by default.Get a non-stable version like this:{"require": {"silex/silex": "~1.0@dev"},}Stability flags, in order of priority: dev, alpha, beta, RC, and stable.To get the latest commit from the master branch:{"require": {"silex/silex": "dev-master"},}
  15. 15. Ensuring identical versionsin all project environments
  16. 16. • composer.json - the config file.Specifies versions as flexible patterns.• composer.lock - the lock file.Automatically written by composer.Lists the exact versions that were installed.Both files should be stored in version control.Two important files:
  17. 17. • composer install - Install dependencies,using the versions listed in composer.lock.• composer update - Determine the latestallowed versions, install them, and write theversion numbers to composer.lock.Two important commands:
  18. 18. You can specify which packages to update,leaving the others untouched:$ composer update monolog/monologThis can be useful when adding a new dependency.
  19. 19. composer update might break things.Only run it in dev environments.Commit composer.lock to versioncontrol when you’re ready to deploy thenew versions.Remember:
  20. 20. composer install ensures you havethe exact same versions as everyone elseusing that composer.lock file.Run composer install in your buildscripts.
  21. 21. Autoloading
  22. 22. Composer sets up autoloading of yourdependencies (for free).Just include vendor/autoload.php:<?phprequire ‘vendor/autoload.php’;$app = new SilexApplication();
  23. 23. You can also use composer to configureautoloading for your own code.{"require": {...},"autoload": {"psr-0": {"MyApp": "src/"}},}<?phprequire ‘vendor/autoload.php’;$app = new MyAppFoo(); // From src/MyApp/Foo.phpcomposer.json
  24. 24. Various autoloading conventions are supported."autoload": {"psr-0": {"MyAppTest": "src/test","MyApp_": "src","": "src/"},"classmap": ["src/", "lib/", "Something.php"],"files": ["src/MyLibrary/functions.php"]},MyAppTestFooTest => src/test/MyApp/Test/FooTest.phpMyApp_Foo => src/MyApp/Foo.phpFoo => src/Foo.phpSearch for classes in *.php and *.inc files in these locations,and generate a key/value array mapping class names to files.Explicitly load these files on every request.
  25. 25. You can generate the autoload fileswithout running an install or update:$ composer dump-autoloadIn production, you can generate a class mapfor all classes, to optimize performance:$ composer dump-autoload --optimize
  26. 26. Finding packages
  27. 27. https://packagist.org
  28. 28. $ composer search oauth2 serveradoy/oauth2 Light PHP wrapper for the OAuth 2.0 protocol (based onOAuth 2.0 Authorization Protocol draft-ietf-oauth-v2-15)drahak/oauth2 Nette OAuth2 Provider bundleopauth/oauth2 Base OAuth2 strategy for Opauthzircote/oauth2 OAuth2 Library, this is by no means complete nor isthe test coverage optimal, mileage may (will) vary.friendsofsymfony/oauth2-php OAuth2 librarybshaffer/oauth2-server-php OAuth2 Server for PHPleague/oauth2-server A lightweight and powerful OAuth 2.0authorization and resource server library with support for all thecore specification grants. This library will allow you to secureyour API with OAuth and allow your applications users to approveapps that want to access their data from your API....
  29. 29. $ composer show league/oauth2-servername : league/oauth2-serverdescrip. : A lightweight and powerful OAuth 2.0 authorization and resource serverlibrary with support for all the core specification grants. This library willallow you to secure your API with OAuth and allow your applications users toapprove apps that want to access their data from your API.keywords : authorization, api, Authentication, oauth, oauth2, server, resourceversions : dev-master, 2.1.1, 2.1, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0, 1.0.8, 1.0.7,1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0, 0.4.2, 0.4.1, 0.4, 0.3.5, 0.3.4,0.3.3, 0.3.2, 0.3.1, 0.3, 0.2.3, 0.2.2, 0.2.1, 0.2, dev-develop, dev-temptype : librarylicense : MITsource : [git] https://github.com/php-loep/oauth2-server.git 2.1.1dist : [zip] https://api.github.com/repos/php-loep/oauth2-server/zipball/2.1.1 2.1.1names : league/oauth2-server, lncd/oauth2, league/oauth2serverautoloadpsr-0LeagueOAuth2Server => src/requiresphp >=5.3.0requires (dev)mockery/mockery >=0.7.2suggestszetacomponents/database Allows use of the build in PDO storage classesreplaceslncd/oauth2 *league/oauth2server *
  30. 30. Bootstrapping a project
  31. 31. $ composer create-project fabpot/silex-skeleton ~/myprojectcreate-project clones a project skeletonand installs its dependencies.
  32. 32. $ composer create-project fabpot/silex-skeleton ~/myprojectInstalling fabpot/silex-skeleton (v1.0.0)- Installing fabpot/silex-skeleton (v1.0.0)Downloading: 100%Created project in /home/vagrant/myprojectLoading composer repositories with package informationInstalling dependencies (including require-dev)- Installing psr/log (1.0.0)Loading from cache- Installing twig/twig (v1.13.1)Downloading: 100%- Installing symfony/icu (v1.2.0)Downloading: 100%- Installing symfony/intl (v2.3.1)Downloading: 100%...symfony/twig-bridge suggests installing symfony/templating ()...Writing lock fileGenerating autoload files
  33. 33. $ ls ~/myprojectcache/composer.jsoncomposer.lockconfig/consolelogs/src/templates/vendor/web/
  34. 34. Adding another dependencyfrom the command line$ composer require doctrine/dbal:~2.3composer.json has been updatedLoading composer repositories with package informationUpdating dependencies (including require-dev)- Installing doctrine/common (2.3.0)Loading from cache- Installing doctrine/dbal (2.3.4)Loading from cacheWriting lock fileGenerating autoload files
  35. 35. Distributing a library
  36. 36. Any directory with a composer.json fileis a package.To be installable, a package just needs aname:{"name": "myvendorname/my-package","require": {...}}
  37. 37. Recommended info for composer.json{"name": "jasongrimes/silex-simpleuser","description": "A simple db-backed user provider for Silex.","keywords": ["silex", "user", "user provider"],"homepage": "http://github.com/jasongrimes/silex-simpleuser","license": "MIT","authors": [{"name": "Jason Grimes", "email": "jason@grimesit.com"}],"require": { ... },"autoload": {"psr-0": {"JGSimpleUser": "src/"}},"suggest": {"monolog/monolog": "Allows more advanced logging."}}
  38. 38. Specify versions with tags in yourVCS.Tags should match X.Y.Z or vX.Y.Zwith optional RC, beta, alpha or patch suffix.1.0.0v1.0.01.10.5-RC1v4.4.4beta2v2.0.0-alphav2.0.4-p1
  39. 39. “dev” versions are created automaticallyfor every branch
  40. 40. Branch names that look like versionsbecome {branch}-dev:2.0 => 2.0.x-dev1.2.x => 1.2.x-dev
  41. 41. Other branch names becomedev-{branch}:master => dev-masterbugfix => dev-bugfix
  42. 42. Specifying system requirements{"require": {..."php": ">=5.3","ext-PDO": “~1.0@dev”,"lib-openssl": "openssl"}}Run composer show --platform for a list oflocally available platform packages.
  43. 43. Executing scripts with Composer{"scripts": {"post-update-cmd": "MyVendorMyClass::postUpdate","post-package-install": ["MyVendorMyClass::postPackageInstall"],"post-install-cmd": ["MyVendorMyClass::warmCache","phpunit -c app/"]}}composer.jsonMany other pre- and post- event hooks are supported.
  44. 44. Submitting to Packagisthttps://packagist.org
  45. 45. If using github, add a service hookPackagist will update whenever you push, instead of being crawled only once daily.https://github.org
  46. 46. Custom repositories
  47. 47. Maintaining your own forksWhen you fix a bug in a third-party library,use your own fork until your fix gets accepted upstream.{"repositories": [{"type": "vcs","url": “https://github.com/jasongrimes/monolog”,}],"require": {"monolog/monolog": "dev-bugfix"}}Your forkBranch with your fixCustom repos have priority over packagist, so your fork gets used instead of the original.
  48. 48. PEAR packages{"repositories": [{"type": "pear","url": "http://pear2.php.net"}],"require": {"pear-pear2.php.net/PEAR2_Text_Markdown": "*","pear-pear2/PEAR2_HTTP_Request": "*"}}
  49. 49. Non-composer packages{"repositories": [{"type": "package","package": {"name": "smarty/smarty","version": "3.1.7","dist": {"url": "http://smarty.net/Smarty-3.1.7.zip","type": "zip"},"source": {"url": "http://smarty-php.googlecode.com/svn/","type": "svn","reference": "tags/Smarty_3_1_7/distribution/"},"autoload": {"classmap": ["libs/"]}}}],"require": {"smarty/smarty": "3.1.*"}}
  50. 50. Private repositories
  51. 51. Use Satis to generate private Composer repositories.$ composer create-project composer/satis --stability=dev$ vim config.json{"repositories": [{ "type": "vcs", "url": "http://github.com/mycompany/privaterepo" },{ "type": "vcs", "url": "http://svn.example.org/private/repo" },{ "type": "vcs", "url": "http://github.com/mycompany/privaterepo2" }],"require": {"company/package": "*","company/package2": "*","company/package3": "2.0.0"}}$ php bin/satis build config.json web/Builds static repoin web/
  52. 52. Use your private repo like any other:{"repositories": [ {"type": "composer","url": "http://packages.example.org/"} ],"require": {"company/package": "1.2.0","company/package2": "1.5.2","company/package3": "dev-master"}}
  53. 53. In conclusion...
  54. 54. • ...install dependencies not stored in your project’sVCS repo.• ...ensure identical versions in all your project’s environments.• ...handle autoloading.• ...distribute your open source libraries.• ...manage your private repositories.Use Composer to:
  55. 55. Resources• http://getcomposer.org• https://packagist.org/• #composer on freenodeJason Grimes / @jason_grimes / jason@grimesit.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×